Contents transmission/reception scheme with function for limiting recipients

ABSTRACT

In a contents transmission/reception system, the transmission of the contents to the corresponding reception device is permitted only in the case where the device identification information searched out by the device identification information search unit and the device identification information registered by the device identification information registration unit coincide, so that it is possible to provide the contents only to the limited reception devices, and it is possible to prevent the illegal reception of the contents.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present Invention relates to a contentstransmission/reception system, a contents transmission device, acontents reception device, and a contents transmission/reception methodfor transmitting/receiving contents from a transmission device to areception device.

[0003] 2. Description of the Related Art

[0004] In conjunction with the spread and digitalization of computernetworks in recent years, the products called digital information homeelectronics are becoming popular. Also, in conjunction with the start ofthe ground based digital broadcasting, it is expected that the digitalbroadcasting compatible TV, set-top box, DVD recorder, etc. will becomemore popular in the future. It is convenient for the users to connectthese digital home electronics through networks.

[0005] The digital contents have an advantage that they can be easilycopied without causing any the degradation in their quality, but theyalso require measures concerning the copyright of the contents.

[0006]FIG. 33 shows an overall configuration of a conventional networksystem having a transmission device and a reception device. As shown inFIG. 33, a transmission device 1 (referred hereafter as a source deviceB) is connected to a local area network 2 such as the Ethernet. Thesource device B 1, a reception device 4 (referred hereafter as a sinkdevice A), and a router device C 5 are connected to an Ethernet segmentA 3 of this local area network 2. A sink device D 7 is connected to therouter device C 5 through the Internet 6. The sink device A 4 receivescontents from the source device B 1 through the local area network 2. Onthe other hand, the sink device D 7 is located within a range in whichcommunications with the source device B 1 through the Internet 6 and therouter device C 5 are possible.

[0007] Here, the contents indicate digital contents such as video dataand audio data such as MPEG4 data and documents such as text data andimage data, for example. Here, for the sake of explanation, the digitalcontents to be transferred after applying the copyright protection(which will be simply referred to as contents) will be considered.

[0008] Now, consider the case of transmitting contents from the sourcedevice B 1 to the sink device A 4 and the sink device D 7. At thispoint, it is necessary to account for the copyright of the contents. Asdescribed above, a range for exchanging this contents should preferablybe limited to a certain range, such as a range of a legitimate rightsuch as a range of a personal use or a range narrower than that, forexample, such that the contents cannot be exchange between others beyondthat range.

[0009] In order to realize the copyright protection, the following ruleswill be used regarding the contents transfer in the network system ofFIG. 33.

[0010] (1) The transmission/reception of contents that require thecopyright protection is permitted within the local area network. This isbecause exchanges among devices connected to the local area network canbe regarded as communications within a range of personal or familyentertainment.

[0011] (2) The transmission/reception of contents that require thecopyright protection is not permitted outside the local area network.The communications outside the local area network indicate opencommunications through the public network such as the Internet or thetelephone network, as in the communications between the source device B1 and the sink device D 7 shown in FIG. 33, for example. This is becausethe communications that are not closed within the local area networkcannot be regarded as communications within a range of personal orfamily entertainment.

[0012] Note that, in the following, the exemplary case of using theEthernet as the local area network and using IP (Internet protocol) fortransmission/reception of contents at an upper layer will be described.See documents disclosed at “http://www.ietf.org” for details regardingIP, for example. Of course, it is also possible to use the otherprotocols, as in the case where the local area network is the IEEE 1394and the upper layer protocol is the IP over 1394 which emulates the IP.

[0013] One method for limiting the contents distribution range to arange of personal entertainment is a method for permittingcommunications only within the identical local area network. In order torealize this, methods proposed conventionally include (1) a method forcarrying-out AKE (Authentication and Key Exchange) by using Ethernetframes (Japanese Patent Application Laid Open No. 2002-19135), and (2) amethod for checking whether the network address of the transmissiondevice and the reception device are identical or not (Japanese PatentApplication Laid Open No. 2001-285284). Besides these, there are also(3) a method for transmitting IP packets by setting TTL (Time To Live)equal to one, and (4) a combination of the above described methods.

[0014] A method combining the methods (2) and (3) will be described asan exemplary method for limiting the transmission/reception of contentsfrom the source device B 1 to sink devices within an identical Ethernetsegment in an environment shown in FIG. 34.

[0015] In general, in the IP, a plurality of devices can be regarded asbelonging to the identical Ethernet segment if they have the samenetwork address, so that it is possible to regard that the source deviceB 1 and the sink device are connected to the identical local areanetwork by checking that they have the same network address. This methodis shown in FIG. 35.

[0016] As shown in FIG. 35, the network address A of the sink device isregistered into the source device in advance (step S21). At a time ofthe transmission/reception of the contents, the source device comparesthe own network address with the network address of the sink device(steps S22, S23), and if they coincide, they are regarded as existing inthe identical local area network (step S24) and the transmission of thecontents is carried out. At this point, the TTL field of the packetdestined to the sink device may be set equal to one (step S25). If theydo not coincide, the contents transmission/reception processing isinterrupted (step S26). Note that the comparison processing is carriedout by the source device in this example, but the comparison processingmay be carried out by the sink device instead.

[0017] However, it is possible to circumvent the above describedlimitation to the identical local area network based on the networkaddress comparison, by making appropriate settings in the source deviceand the sink device such that it appears as if the source device and thesink device are virtually existing in the identical sub-net even if thesource device and the sink device are not physically connected to theidentical local area network.

[0018] One example of such cases is the VPN (Virtual Private Network),which is a generic term for indicating techniques for making a computerat a remote location to appear as if it is connected to the local areanetwork by constructing a network virtually, as a computer at a remotelocation which is connected to the Internet or an access point such as arouter carries out communications with a computer connected to the localarea network.

[0019] The examples of the VPN include L2TP, PPTP and IPSec. Here, theexemplary case of L2TP will be described. Note that the standardizationof L2TP, PPTP and IPSec is in progress by the IETF, and details can befound in documents disclosed at “http://www.letf.or”.

[0020]FIG. 36 shows an exemplary network configuration using the VPN. Asshown in FIG. 36, a source device B 1, a sink device C 9, and a VPNserver device D 60 are physically connected to an Ethernet segment A 3,and they have the identical network address so as to constitute thelocal area network Z 61. Also, a sink device A 4 and a router device E 5have the identical network address so as to constitute the local areanetwork Y.

[0021] The VPN server device D 60 is provided with a router function andconnected to the Internet 8. The sink device A 4 is assigned with aglobal IP address and connected to the VPN server device D 60 via theInternet 6 by using the VPN client function so as to constitute avirtual network X, such that the sink device A 4 is connected to thisvirtual network X. Here, what is important is that the sink device A 4is connected by the VPN so that the same network address as the sourcedevice B and the sink device C 9 is assigned virtually to the sinkdevice A 4.

[0022] Now, at a time of transmitting contents from the source device B1 to the sink device A 4, suppose that the above described distributionrange limiting method based on the network address comparison isapplied.

[0023] The sink device A 4 has the identical network address as thesource device B 1 so that the network addresses will coincide. As longas the sink device A 4 is connected to the Internet 6, regardless of itslocation in the world, the source device B 1 can transmit the contentsto the sink device A 4.

[0024] Also, even if the source device B 1 transmits the IP packet bysetting TTL=1 to the sink device A 4, the value of the TTL can be easilychanged, so that the packet can reach the sink device A 4 if a devicefor changing the value of the TTL is placed somewhere between the VPNserver device D 60 and the source device B 1.

[0025] This implies that there can be cases where even if the sub-netaddresses of the source device B 1 and the sink device A 4 areidentical, these devices may not necessarily be existing physically inthe identical local area network (the Ethernet segment in this example).

BRIEF SUMMARY OF THE INVENTION

[0026] It is therefore an object of the present invention to provide acontents transmission/reception system, a contents transmission device,a contents reception device, and a contents transmission/receptionmethod capable of transmitting contents only to limited receptiondevices.

[0027] According to one aspect of the present invention there isprovided a contents transmission/reception system, comprising: atransmission device; and at least one reception device that receivescontents from the transmission device; wherein the transmission devicehas: an authentication and key exchange processing unit configured tocarry out an authentication and key exchange processing with a receptiondevice that made a contents transmission request; a deviceidentification information transmission request unit configured totransmit a device identification information request to the receptiondevice, such that the reception device transmits a device identificationinformation; a device identification information registration unitconfigured to register the device identification information transmittedfrom the reception device; a device identification information searchunit configured to search out the device identification informationcorresponding to an IP (Internet Protocol) address or the receptiondevice, from a network to which the reception device is connected; acomparison judgement unit configured to judge whether the deviceidentification information searched out by the device identificationinformation search unit and the device identification informationregistered by the device identification information registration unitcoincide or not; and a distribution condition determination unitconfigured to change a distribution condition for contents to betransmitted to the reception device that made the contents transmissionrequest, according to a judgement result obtained by the comparisonjudgement unit; and the reception device has; a contents transmissionrequest unit configured to make the contents transmission request to thetransmission device; and a device identification informationtransmission unit configured to transmit the device identificationinformation of the reception device to the transmission device, uponreceiving the device identification information request from thetransmission device.

[0028] According to another aspect of the present invention there isprovided a contents transmission device for transmitting contents to atleast one reception device, the contents transmission device comprising:an authentication and key exchange processing unit configured to carryout an authentication and key exchange processing with a receptiondevice that made a contents transmission request; a deviceidentification information transmission request unit configured totransmit a device identification information request to the receptiondevice, such that the reception device transmits a device identificationinformation; a device identification information registration unitconfigured to register the device identification information transmittedfrom the reception device; a device identification information searchunit configured to search out the device identification informationcorresponding to an IP (Internet Protocol) address of the receptiondevice, from a network to which the reception device is connected; acomparison judgement unit configured to judge whether the deviceidentification information searched out by the device identificationinformation search unit and the device identification informationregistered by the device identification information registration unitcoincide or not: and a distribution condition determination unitconfigured to change a distribution condition for contents to betransmitted to the reception device that made the contents transmissionrequest, according to a judgement result obtained by the comparisonjudgement unit.

[0029] According to another aspect of the present invention there isprovided a contents transmission/reception system, comprising: atransmission device: and at least one reception device that receivescontents from the transmission device; wherein a reception device has: acontents transmission request unit configured to make a contentstransmission request to the transmission device: a first authenticationand key exchange processing unit configured to carry out anauthentication and key exchange processing with the transmission deviceto which the contents transmission request is made; a deviceidentification information transmission request unit configured totransmit a device identification information request to the transmissiondevice, such that the transmission device transmits a deviceidentification information: a device identification informationregistration unit configured to register the device identificationinformation transmitted from the transmission device: a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the transmission device, from a network to whichthe transmission device is connected; a comparison judgement unitconfigured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; and areception condition determination unit configured to determine areception condition for contents to be transmitted from the transmissiondevice to which the contents transmission request is made, according toa judgement result obtained by the comparison judgement unit; and thetransmission device has: a device identification informationtransmission unit configured to transmit the device identificationinformation of the transmission device to the reception device, uponreceiving the device identification information request from thereception device; a second authentication and key exchange processingunit configured to carry out an authentication and key exchangeprocessing with the reception device that made the contents transmissionrequest; and a contents transmission control unit configured to carryout contents transmission control according to the reception conditiondetermined by the reception condition determination unit.

[0030] According to another aspect of the present invention there isprovided a contents reception device for receiving contents from atransmission device, the contents reception device comprising: acontents transmission request unit configured to make a contentstransmission request to the transmission device; an authentication andkey exchange processing unit configured to carry out an authenticationand key exchange processing with the transmission device to which thecontents transmission request is made; a device identificationinformation transmission request unit configured to transmit a deviceidentification information request to the transmission device, such thatthe transmission device transmits a device identification information; adevice identification information registration unit configured toregister the device identification information transmitted from thetransmission device; a device identification information search unitconfigured to search out the device identification informationcorresponding to an IP (Internet Protocol) address of the transmissiondevice, from a network to which the transmission device is connected; acomparison judgement unit configured to judge whether the deviceidentification information searched out by the device identificationinformation search unit and the device identification informationregistered by the device identification information registration unitcoincide or not; and a reception condition determination unit configuredto determine a reception condition for contents to be transmitted fromthe transmission device to which the contents transmission request ismade, according to a judgement result obtained by the comparisonjudgement unit.

[0031] According to another aspect of the present invention there isprovided a contents transmission/reception system, comprising: atransmission device; and at least one reception device that receivescontents from the transmission device; wherein the transmission devicehas; a device identification information transmission request unitconfigured to transmit a device identification information request to areception device that made a contents transmission request, such thatthe reception device transmits a device identification information; adevice identification information registration unit configured toregister the device identification information transmitted from thereception device; an advance notice unit configured to make a deviceidentification information search advance notice, to the receptiondevice; a device identification information search unit configured tosearch out the device identification information corresponding to an IP(Internet Protocol) address of the reception device, from a network towhich the reception device is connected; a comparison judgement unitconfigured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; a requestresponse reception judgement unit configured to judge whether a responseto the device identification information search advance notice isreceived or not; and a distribution condition determination unitconfigured to determine a distribution condition for contents to betransmitted to the reception device that made the contents transmissionrequest, according to judgement results obtained by the comparisonjudgement unit and the request response reception judgement unit; andthe reception device has; a device information transmission unitconfigured to transmit the device identification information of thereception device and a device identification information search advancenotice response to the transmission device, upon receiving the deviceidentification information request from the transmission device.

[0032] According to another aspect of the present invention there isprovided a contents transmission device for transmitting contents to atleast one reception device, the contents transmission device comprising:a device identification information transmission request unit configuredto transmit a device identification information request to a receptiondevice that made a contents transmission request, such that thereception device transmits a device identification information; a deviceidentification information registration unit configured to register thedevice identification information transmitted from the reception device;an advance notice unit configured to make a device identificationinformation search advance notice, to the reception device; a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the reception device, from a network to which thereception device is connected; a comparison judgement unit configured tojudge whether the device identification information searched out by thedevice identification information search unit and the deviceidentification information registered by the device identificationinformation registration unit coincide or not; a request responsereception judgement unit configured to judge whether a response to thedevice identification information search advance notice is received ornot; and a distribution condition determination unit configured todetermine a distribution condition for contents to be transmitted to thereception device that made the contents transmission request, accordingto judgement results obtained by the comparison judgement unit and therequest response reception judgement unit.

[0033] According to another aspect of the present invention there isprovided a contents transmission/reception system, comprising: atransmission device; and at least one reception device that receivescontents from the transmission device; wherein the transmission devicehas; a device identification information search judgement unitconfigured to judge whether a device identification information searchrequest from a reception device is received or not; and a contentstransmission control unit configured to prohibit transmission ofcontents to the reception device when the device identificationinformation search judgement unit judges that the device identificationinformation search request is not received; and the reception devicehas; a contents transmission request unit configured to make a contentstransmission request to the transmission device; an authentication andkey exchange processing unit configured to carry out an authenticationand key exchange processing with the transmission device to which thecontents transmission request is made; a device identificationinformation transmission request unit configured to transmit the deviceidentification information request to the transmission device, such thatthe transmission device transmits a device identification information; adevice identification information registration unit configured toregister the device identification information transmitted from thereception device; an advance notice unit configured to make a deviceidentification information search advance notice, to the transmissiondevice; a device identification information search unit configured tosearch out the device identification information corresponding to an IP(Internet Protocol) address of the transmission device, from a networkto which the transmission device is connected; a comparison judgementunit configured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; and areception condition determination unit configured to determine areception condition for contents to be transmitted from the transmissiondevice to which the contents transmission request is made, according toa judgement result obtained by the comparison judgement unit.

[0034] According to another aspect of the present invention there isprovided a contents reception device for receiving contents from atransmission device, the contents reception device comprising: acontents transmission request unit configured to make a contentstransmission request to the transmission device; an authentication andkey exchange processing unit configured to carry out an authenticationand key exchange processing with the transmission device to which thecontents transmission request is made; a device identificationinformation transmission request unit configured to transmit the deviceidentification information request to the transmission device, such thatthe transmission device transmits a device identification information; adevice identification information registration unit configured toregister the device identification information transmitted from thereception device; an advance notice unit configured to make a deviceidentification information search advance notice, to the transmissiondevice; a device identification information search unit configured tosearch out the device identification information corresponding to an IP(Internet Protocol) address of the transmission device, from a networkto which the transmission device is connected; a comparison judgementunit configured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; and areception condition determination unit configured to determine areception condition for contents to be transmitted from the transmissiondevice to which the contents transmission request is made, according toa judgement result obtained by the comparison judgement unit.

[0035] Other features and advantages of the present invention willbecome apparent from the following description taken in conjunction withthe accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0036]FIG. 1 is a block diagram showing one schematic configuration of acontents transmission/reception system according to the first embodimentof the present invention.

[0037]FIG. 2 is a block diagram showing an exemplary internalconfiguration of a source device A in the contentstransmission/reception system of FIG. 1.

[0038]FIG. 3 is a diagram showing a structure of a MAC address tableused in the source device A of FIG. 2.

[0039]FIG. 4 is a block diagram showing an exemplary internalconfiguration of a sink device B. C in the contentstransmission/reception system of FIG. 1.

[0040]FIG. 5 is a sequence chart showing one processing procedure of thecontents transmission/reception system of FIG. 1.

[0041]FIG. 6 is a sequence chart showing another processing procedure ofthe contents transmission/reception system of FIG. 1.

[0042]FIG. 7 is a flow chart showing a processing procedure of thesource device A of FIG. 2.

[0043]FIG. 8 is a block diagram showing another schematic configurationof a contents transmission/reception system according to the firstembodiment of the present invention in which a VPN server device isconnected between a source device and a sink device.

[0044]FIG. 9 is a block diagram showing one schematic configuration of acontents transmission/reception system according to the secondembodiment of the present invention.

[0045]FIG. 10 is a block diagram showing another schematic configurationof a contents transmission/reception system according to the firstembodiment of the present invention in which a VPN server device and aVPN client device are tunneling two networks.

[0046]FIG. 11 is a block diagram showing one exemplary internalconfiguration of a source device in the contents transmission/receptionsystem of FIG. 9 or FIG. 10.

[0047]FIG. 12 is a block diagram showing one exemplary internalconfiguration of a sink device in the contents transmission/receptionsystem of FIG. 9 or FIG. 10.

[0048]FIG. 13 is a block diagram showing another exemplary internalconfiguration of a source device in the contents transmission/receptionsystem of FIG. 9 or FIG. 10.

[0049]FIG. 14 is a block diagram showing another exemplary internalconfiguration of a sink device in the contents transmission/receptionsystem of FIG. 9 or FIG. 10.

[0050]FIG. 15 is a diagram showing three types of VPN device connectionstate in the contents transmission/reception system of FIG. 9 or FIG.10.

[0051]FIG. 16 is a block diagram showing one schematic configuration ofa contents transmission/reception system according to the thirdembodiment of the present invention.

[0052]FIG. 17 is a block diagram showing an exemplary internalconfiguration of a source device A in the contentstransmission/reception system or FIG 16.

[0053]FIG. 18 is a block diagram showing an exemplary internalconfiguration of a sink device B, C in the contentstransmission/reception system of FIG. 16.

[0054]FIG. 19 is a sequence chart showing one processing procedure ofthe contents transmission/reception system of FIG. 16 in the case wherea source device and a sink device are physically existing in anidentical segment.

[0055]FIG. 20 is a sequence chart showing another processing procedureof the contents transmission/reception system of FIG. 16 in the casewhere a source device and a sink device are not physically existing inan identical segment.

[0056]FIG. 21 is a block diagram showing an exemplary internalconfiguration of a source device in a contents transmission/receptionsystem according to the fourth embodiment of the present invention.

[0057]FIG. 22 is a block diagram showing an exemplary internalconfiguration of a sink device in a contents transmission/receptionsystem according to the fourth embodiment of the present invention.

[0058]FIG. 23 is a sequence chart showing one processing procedure of acontents transmission/reception system according to the fourthembodiment of the present invention in the case where a source deviceand a sink device are physically existing in an identical segment.

[0059]FIG. 24 is a sequence chart showing another processing procedureof a contents transmission/reception system according to the fourthembodiment of the present invention in the case where a source deviceand a sink device are not physically existing in an identical segment.

[0060]FIG. 25 is a block diagram showing an exemplary internalconfiguration of a source device in a contents transmission/receptionsystem according to the fifth embodiment of the present invention.

[0061]FIG. 26 is a block diagram showing an exemplary internalconfiguration of a sink device in a contents transmission/receptionsystem according to the fifth embodiment of the present invention.

[0062]FIG. 27 is a sequence chart showing one processing procedure of acontents transmission/reception system according to the fifth embodimentof the present invention in the case where a source device and a sinkdevice are physically existing in an identical segment.

[0063]FIG. 28 is a sequence chart showing another processing procedureof a contents-transmission/reception system according to the fifthembodiment of the present invention in the case where a source deviceand a sink device are not physically existing in an identical segment.

[0064]FIG. 29 is a block diagram showing an exemplary internalconfiguration of a source device in a contents transmission/receptionsystem according to the sixth embodiment of the present invention.

[0065]FIG. 30 is a block diagram showing an exemplary internalconfiguration of a sink device in a contents transmission/receptionsystem according to the sixth embodiment of the present invention.

[0066]FIG. 31 is a sequence chart showing one processing procedure of acontents transmission/reception system according to the sixth embodimentof the present invention in the case where a source device and a sinkdevice are physically existing in an identical segment.

[0067]FIG. 32 is a sequence chart showing another processing procedureof a contents transmission/reception system according to the sixthembodiment of the present invention in the case where a source deviceand a sink device are not physically existing in an identical segment.

[0068]FIG. 33 is a block diagram showing an overall configuration of aconventional network system having a transmission device and a receptiondevice.

[0069]FIG. 34 is a block diagram showing an overall configuration of aconventional network system in which different sink devices areconnected to Ethernet segments A and B.

[0070]FIG. 35 is a flow chart showing a processing procedure for judgingwhether network addresses of a source device and a sink device areidentical or not in the conventional network system of FIG. 34.

[0071]FIG. 36 is a block diagram showing an exemplary configuration of aconventional network system using VPN.

DETAILED DESCRIPTION OF THE INVENTION

[0072] Referring now to FIG. 1 to FIG. 32, embodiments of the contentstransmission/reception system according to the present invention will bedescribed in detail. In the following, the Ethernet is used as anexemplary physical network, and the IP is used as an exemplary upperlayer protocol. Of course, it is also possible to use the otherprotocols, as in the case where the local area network is the IEEE 1394and the upper layer protocol is the IP over 1394 which emulates the IP.

FIRST EMBODIMENT

[0073]FIG. 1 shows a schematic configuration of the contentstransmission/reception system according to the first embodiment of thepresent invention. The contents transmission/reception system of FIG. 1has a sink device B 11, a sink device C 12, a source device D 16 and arouter device F 13 which are connected to an Ethernet segment A 10, anda source device A 15 connected to the router device F 13 through theInternet 14. The sink device B 11 has a VPN server function, and thesource device A 15 has a VPN client function.

[0074] The sink devices B 11 and C 12 are connected to the identicalEthernet segment A 10, and have the identical network address so as toconstitute the local area network.

[0075] Here, the method for limiting the contents distribution range toa certain range (the Ethernet segment A 10 in this example) will bedescribed. Namely, the transmission/reception of contents from thesource device D 16 is permitted to the sink devices B 11 and C 12physically connected the Ethernet segment A 10, buttransmission/reception of contents from the source device A 15 which isconnected to another Ethernet segment by using the VPN function is norpermitted,

[0076] In this embodiment, even if the sink device and the source deviceconstitute a virtual network by using the VPN such that it appears as ifthey are connected to the identical local area network, the case wherethe device is physically connected to the Ethernet segment and the casewhere the device is virtually connected are distinguished.

[0077] Here, an exemplary case of using DTCP (Digital TransmissionContents Protection) as a mechanism for device authentication and keyexchange and contents encryption/decryption at a time oftransmitting/receiving contents will be described. The DTCP is a cntenttransmission copyright protection scheme that is de facto standard inthe IEEE 1394 and USB, and provided with a mechanism for carrying outthe authentication and key exchange between the transmission device andthe reception device, and transferring AV data by encrypting the AV datathat requires the copyright protection (see documents disclosed at“http://www.dtcp.com”, for example).

[0078]FIG. 2 shows an exemplary internal configuration of the sourcedevice A 15 or the source device D 16. As shown in FIG. 2, the sourcedevice A 15 or D 16 has a network Interface unit 21 for executing thephysical layer processing of the Ethernet, a communication processingunit 22 for executing the datalink layer processing, a MAC addressrecording unit 24 for recording a MAC address of the network interfaceof the sink device into a MAC address table 23, a sink device MACaddress search processing unit 25 for searching the MAC address from theIP address of the sink device, a MAC address comparison processing unit26 for checking whether the MAC address acquired by the sink device MACaddress search processing unit 25 and the MAC address recorded in theMAC address recording unit 24 coincide or not, an authentication and keyexchange processing unit 27 for carrying out the DTCP authentication andkey exchange processing for the purpose of the copyright protection, aDTCP encryption processing unit 28 for encrypting/decrypting data to betransmitted/received, a packet processing unit 29 for converting thecontents data to be transmitted to the sink device and the DTCPmanagement data into IP packets, a VPN server unit 40 for making the VPNconnection as a VPN server upon receiving a VPN connection request froma VPN client, and a contents providing unit 30 for providing thecontents to the packet processing unit 29.

[0079] Here, it is assumed that L2TP (Layer z Tunneling Protocol) isused as an exemplary VPN protocol. The L2TP is widely used for realizingthe VPN, and the standardization of the L2TP is in progress by the IETF(see documents disclosed at “http://www.letf.org”, for example.

[0080] Note also that it is assumed that the source device A 15 and thesource device D 16 have the identical configuration, but it is notabsolutely necessary to provide the VPN server unit 40 in the sourcedevice D16, because the source device D 16, the sink device B 11 and thesink device C 12 are connected on the identical Ethernet segment so thatthere is no need to make a connection by using the VPN.

[0081] Note also that the comparison processing is a processing forchecking whether the MAC address corresponding to the IP address or thedevice ID of the sink device that is a contents transmission target isrecorded in the MAC address table 23 or not, and checking whether thevalues of the MAC addresses coincide or not.

[0082]FIG. 3 shows a structure of the MAC address table 23. As shown inFIG. 3, the IP address, the MAC address and the DTCP device IDcorresponding to each sink device are recorded in each record. The MACaddress comparison processing unit 26 searches the MAC address by usingthe IP address or the device ID acquired from the sink device as a key,from this MAC address table 23.

[0083]FIG. 4 shows an exemplary internal configuration of the sinkdevice B 11 or C 12. As shown in FIG. 4, the sink device B 11 or C 12has a network interface unit 31 for executing the physical layerprocessing of the Ethernet, a communication processing unit 32 forexecuting the datalink layer processing, a MAC address transmission unit33 for acquiring the MAC address stored in the network interface unit 31and transmitting it to the source device, a VPN client unit 34 formaking the connection to the VPN server via the Internet as a VPNclient, a DTCP authentication and key exchange processing unit 35 forcarrying out the DTCP authentication and key exchange processing for thepurpose of the copyright protection, a DTCP encryption processing unit36 for encrypting/decrypting the data to be transmitted/received, apacket processing unit 37 for converting the IP packets received fromthe source device into the contents data or the DTCP management data,and a contents processing unit 38 for carrying out a processing foroutputting the decrypted contents to a display device or storing thedecrypted contents.

[0084] Here, it is assumed that the sink device B 11 and the sink deviceC 12 have the identical configuration, but in the case where the sourcedevice D 16 and the sink device C 12 carry but communications, there isno need for the VPN connection, so that it is not absolutely necessaryto provide the VPN client unit 34 in the sink device.

[0085] Note also that, in the configurations described above, the sourcedevice A 15 has the VPN server unit 40 and the sink device B 11 has theVPN client unit 34, but what is important is that the source device A 15and the sink device B 11 carry out communications by the VPN, so that itis also possible to use configurations in which the VPN functions areinterchanged, i.e., configurations in which the source device A 15 hasthe VPN client unit 34 and the sink device B 11 has the VPN serverdevice 40.

[0086]FIG. 5 and FIG. 6 show a processing procedure of the communicationsystem in this embodiment, and FIG. 7 shows a processing procedure ofthe source device A 15, in the following, the exemplary case oftransmitting the contents from the source device D 16 to the sink deviceC 12 will be described first with references to FIG. 6 and FIG. 7.

[0087] First, when a contents transmission request is made from the sinkdevice C 12 to the source device D 16 (step S1), the DTCP authenticationand key exchange processing is carried out (step S2).

[0088] Note that when the contents transmission request is made, it isalso possible to set the TTL field of the IP packets equal to one at atime of transmitting management data regarding the authentication andkey exchange for the purpose of the copyright protection and thecontents to the sink device C 12 (steps S2, S11). In addition, asdescribed in the background art section above, it is also possible tocarry out the comparison processing regarding whether the networkaddresses of the sink device and the source device coincide or not. Ifthe network addresses of the sink device C 12 and the source device D 11are different, a prescribed error processing is carried out and thecommunication is interrupted. These processings may be carried outbefore, during, or after the authentication and key exchange processing.

[0089] When the DTCP authentication and key exchange processing succeeds(step S3), the source device D 16 transmits a command for requesting atransmission of the MAC address to the sink device C 12 (step S4). Thiscommand can be an independent command or a “MAC address request command”added to the group of commands defined by the DTCP. Upon receiving theMAC address request command, the sink device C 12 transmits the MACaddress to the source device D 16 through the MAC address transmissionunit 33 (step S5).

[0090] At this point, it is also possible to attach a signature forproving that the MAC address is nor altered on the communication route.This signature can be attached by the well known method such as ISO/IEC14888, for example.

[0091] When the MAC address of the sink device C 12 is acquired (stepS13), the source device D 16 registers the MAC address into the MACaddress table 23 (steps S6, S14). At this point, the MAC address and theIP address or the DTCP device ID of the sink device C 12 may be recordedas a set.

[0092] What is described above is a method for registering the MACaddress of the sink device C 12 into the MAC address table 23 byreceiving the MAC address from the sink device C 12 via the network. Itis also possible to realize this registration by many other methods. Forexample, it is possible to use (1) a method for inputting the MACaddress of the sink device C 12 into the source device D 16 by the userin advance by using an interface such as buttons, or (2) a method forrecording the MAC address into the MAC address table 23 of the sourcedevice D 18 by using a card or the like that records the MAC address ofthe sink device C 12.

[0093] Next, the source device D 16 transmits a packet for making aninquiry of the MAC address by using the IP address to the Ethernetsegment A 10. This can be realized by the well known method such as theARP (Address Resolution Protocol) defined by RFC 826, for example. Ifthey are connected to the identical segment physically, the host havingthat IP address returns the MAC address assigned to the own device as aresponse (steps S8, S15). For example, when the source device D 16transmitted a request of the ARP to the IP address “192.168.1.5”, thesink device C 12 with the IP address “192.168.1.5” returns its own MACaddress “CC:CC:CC” as a response to the source device D 16.

[0094] Next, the source device D 16 carries out the comparisonprocessing for checking whether the MAC address of the sink device C 12acquired as a result of the MAC address request command and the MACaddress acquired by the ARP coincide or not (steps S9, S16). If twovalues coincide, the processing is continued (steps S17, S18).

[0095] At the step S7 described above, it is also possible to search theMAC address by using the device ID as a key, instead of using the IPaddress as a key, at a time of searching the MAC address of thecorrespondent sink device from the MAC address table 23.

[0096] In the comparison processing of the above described step S16, ifthe MAC addresses do not coincide, a prescribed error processing iscarried out and the communication is interrupted (steps S10, S19). Also,when the MAC address of the sink device C 12 cannot be acquired by theARP, a prescribed error processing is carried out and the communicationis interrupted. In this example, the value registered in the MAC addresstable in advance and the value acquired by the ARP are identical so thatthe contents transmission processing is carried out.

[0097] Next, an exemplary ease of transmitting the contents from thesource device A 15 to the sink device B 11 is shown in FIG. 5. Thesource device A 15 is connected to the sink device B 11 by the VPN, andin a state capable of carrying out communications. The processing bywhich the source device A 15 requests the MAC address to the sink deviceB 11, acquires the MAC address of the sink device B 11 by the upperlevel protocol of the IP, and records the MAC address (step S6) can becarried out similarly as in the case of transmission from the sourcedevice D 16 to the sink device C 12. The source device A 15 transmits apacket for inquiring the MAC address by using the IP address of the sinkdevice B 11 (the ARP packet, for example), to the Ethernet segment towhich the source device A 15 is connected. In this case, the sink deviceB 11 is not connected to that Ethernet segment, so that the sink deviceB 11 will never return its own MAC address “CC:CC:CC” as a response. Forthis reason, the source device A 15 will not acquire the MAC address ofthe sink device B 11 and the MAC address comparison processing willfall. As a result, the source device A 15 carries out the errorprocessing and the communication is terminated without transmitting thecontents to the sink device B 11.

[0098] Note that at a time of the error processing when the MACaddresses do not coincide or at a time of disconnecting the connectionwith the sink device, the record regarding the sink device may be storedor may be deleted. For example, when the IP address of the sink deviceis assigned by the DHCP, the IP address at a time of the next access canbe different so that it is preferable to delete the record so as to savethe memory capacity of the table and simplify the configuration of thedevice.

[0099] In the above, the exemplary case of carrying out the MAC addresschecking processing only when the authentication succeeds in the DTCPauthentication and key exchange processing has been described. Besidesthat, there are other methods for checking the MAC address including (1)a method for transmitting the MAC address along with the DTCP contentsrequest command at a time of transmitting the contents request from thesink device to the source device, and (2) a method for carrying out theMAC address checking processing prior to the DTCP authentication and keyexchange processing.

[0100] What is important here is that the sink device has a function fortransmitting the MAC address to the source device by the method which isnot the Ethernet, and it is possible to judge whether the sink deviceand the source device are physically connected to the Ethernet segmentor not even if the sink device and the source device are on theidentical sub-net, by comparing the MAC address with the MAC addressacquired by the processing for searching the MAC address by using the IPaddress on the Ethernet.

[0101] Even if the router device physically connected to the sameEthernet segment as the source device A 15 forges the MAC address andtransmits the same MAC address as the MAC address of the sink device B11 as a response to the MAC address request from the source device A 15,the source device A 15 would transmit the Ethernet packets to thatforged MAC address, so that the sink device B 11 cannot receive thesepackets and the object of limiting the contents distribution range canbe achieved.

[0102] Next, the contents transmission/reception in the case where a VPNserver device is connected between the source device and the sink deviceas shown in FIG. 8 will be described. The contentstransmission/reception system of FIG. 8 has a source device B 51, thesink device C 52, a VPN server device F 53 and a router device D 54which are connected to the identical Ethernet segment A 50, and a sinkdevice. A 56 connected to the VPN server device F 53 through theInternet 55 and a sink device E 58 connected to an Ethernet segment B57.

[0103] The source device B 51, the sink device C 52, the VPN serverdevice F 53 and the router device D 54 have the identical networkaddress so as to constitute a local network.

[0104] The sink device A 56 has a global IP address assigned and is in astate capable of making the connection to the VPN server device F 53through the Internet 55 by using the VPN client function.

[0105] In the contents transmission/reception system of FIG. 8, the caseof transmitting the contents from the source device B 51 to thevirtually connected sink device A 56 via the VPN server device F 53 willbe considered how.

[0106] First, the procedure by which the source device B 51 receives theMAC address from the sink device A 56 and registers it can be the sameas the above described procedure. Then, the source device B 51 transmitsa packet for inquiring the MAC address by using the IP address of thesink device A 56 to the Ethernet segment A 50.

[0107] Since the sink device A 56 is not physically connected to theEthernet segment A 50, the VPN server device F 53 returns its own MACaddress as a proxy of the MAC address of the sink device A 56 as aresponse. The source device B 51 carries out the comparison processingfor these two MAC addresses, but the MAC address of the sink device A 56and the MAC address of the VPN server device F 53 are different so thatthe values do not coincide. For this reason, the contents transmissionprocessing will be interrupted.

[0108] Next, the case of transmitting the contents from the sourcedevice B 51 to the sink device E 58 will be considered. The sourcedevice B 51 requests the MAC address to the sink device 58, and acquiresthe MAC address of the sink device E 58 by the upper level protocol ofthe IP. However, in this configuration, the Ethernet segment A 50 towhich the source device B 51 is connected and the Ethernet segment B 57to which the sink device E 58 is connected are different. Consequently,even if the source device B8 51 transmits a packet for inquiring the MACaddress by using the IP address of the sink device E 58, this packetwill not be transferred to the sink device E 58 by the router device D54, and the source device B 51 will not receive the MAC address from thesink device E 58. As a result, the MAC address comparison processingcarried out by the source device B 51 will fall and the contentstransmission processing will be interrupted.

[0109] By the processing described above, the source device B 51 of FIG.8 can permit the contents transmission/reception to the sink device C 52that is connected to the identical Ethernet segment A 50, and surelyprohibit the contents transmission/reception to the sink device A 56that is connected through the VPN server device F 53 and the sink deviceE 58 that belongs to a different Ethernet segment B 57 through therouter device D 54.

[0110] In this way, according to this embodiment, in the contentstransmission/reception system in a configuration shown in FIG. 8, forexample, the source device B 51 can permit the contentstransmission/reception only to the sink device C 52 that is connected tothe identical Ethernet segment A 50, and surely prohibit the contentstransmission/reception to the sink device connected through the VPNserver device F 53, for example. As a result, it is possible to preventthe illegal contents transmission/reception.

[0111] In the above, the configuration in which the sink device A 56 hasthe VPN client function and makes the connection to the Ethernet segmentA 50 via the VPN server device F 53, but this embodiment is alsoapplicable to the configuration in which the source device has the VPNclient function.

[0112]FIG. 9 shows a schematic configuration in the case where theconnected states of the source device and the sink device areinterchanged. Unlike FIG. 8, the contents transmission/reception systemof FIG. 9 has a source device A 41 which has the VPN client function andis connected to the VPN server device F 13 via the Internet 15, a sinkdevice B 43, a sink device C 44 and a router device D 45 which areconnected to the Ethernet segment A 42, and a sink device E 47 which isconnected to the router device D 45 through the Ethernet segment B 46.

[0113] Namely, the sink device B 43 and the sink device C 44 that areconnected to the VPN server device F 13 are existing at locationscapable of carrying out communications with the source device A 41 viathe VPN server device F 13. However, the source device A 41 and the sinkdevices B 43 and C 44 are connected to the different local area network,so that the transmission/reception of the contents that require thecopyright protection should not be permitted between them.

[0114] Here, the source device A 41 requests the MAC address to the sinkdevice B 43, and acquires the MAC address of the sink device B 43 by themethod which is not the IP. The source device A 41 transmits a packet(an ARP packet, for example) for inquiring the MAC address by using theIP address of the sink device B 43 to the Ethernet segment to which thesource device A 41 is connected. In this case, the sink device B 43 isnot connected to that Ethernet segment, so that the sink device B 43will never return its own MAC address “BB:BB:BB” as a response. As aresult, the source device A 41 will not acquire the MAC address of thesink device B 43, and the MAC address comparison processing will fail.Consequently, the source device A 41 will carry out the errorprocessing, and terminate the communication without transmitting thecontents to the sink device B 43. In this way, it is possible to preventthe contents transmission/reception to the sink device B 43, and thecontents distribution range of the source device A 41 can be limitedwithin the local area network of the source device A 41.

SECOND EMBODIMENT

[0115] The second embodiment is directed to a configuration in which theVPN server device and the VPN client device are provided between thesink device and the source device such that the tunneling between twonetworks is realized by the VPN devices.

[0116]FIG. 10 shows a configuration of the contentstransmission/reception system in which a VPN server device F 13 and aVPN client device G 49 are provided between a sink device A 48 and asource device B 43 such that the tunneling between two networks isrealized by the VPN server device F 13 and the VPN client device G 49.FIG. 11 shows the internal configuration of the source device and FIG.12 shows the internal configuration of the sink device in the contentstransmission/reception system shown in FIG. 10.

[0117] Unlike FIG. 1 and FIG. 8, the contents transmission/receptionsystem of FIG. 10 has the VPN server device F 13 and the VPN clientdevice G 49 provided between the sink device A 48 and the source deviceB 43, which are connecting the respective networks. However, theEthernet segment A 42 to which the source device B 43 belongs and theEthernet segment B 46 to which the sink device A 48 belongs aredifferent, so that the MAC address of the sink device A 48 cannot beacquired by the MAC address search request from the source device B 43,and the comparison processing will fall. As a result, it is possible toconfirm that the sink device A 48 does not exists in the Ethernetsegment A 42 to which the source device B 43 belongs.

[0118] In this way, in this second embodiment, the contents transmissionto the sink device connected to the different Ethernet segment can besurely prohibited by permitting the contents transmission only when thethe MAC addresses coincide as a result of the MAC address comparison.

[0119] In the embodiments described above, when the sink devicetransmits its own MAC address in response to the request from the sourcedevice, it is also possible to transmit the MAC address by attaching anelectronic signature. When the electronic signature is attached to theMAC address from the sink device, the source device carries out theverification processing to check whether the MAC address has beenaltered or not, and records the MAC address into the MAC address tableonly when the MAC address has not been altered. In this way, the forgeryof the MAC address can be surely prevented and the security performancecan be improved.

[0120] Also, the embodiments described above are directed to anexemplary case of carrying out the MAC address comparison inside thesource device, but it is also possible to carry out the MAC addresscomparison inside the sink device which is the contents receiving side.For example, in the case where the roles of the sink device B 11corresponding to the source device A 15 and the source device A 15 areinterchanged in the configuration shown in FIG. 1, the internalconfiguration of the source device A 15 becomes as shown in FIG. 13, andthe internal configuration of the sink device B 11 becomes as shown inFIG. 14.

[0121] In this case, the contents reception from the source device ispermitted only when the source device transmits its own MAC address tothe sink device and the MAC addresses coincide as a result of the MACaddress comparison inside the sink device, and the contents receptionrefusal message is transmitted to the source device otherwise, such thatthe contents transmission target can be limited.

[0122]FIG. 15 shows three types of the VPN device connection state. TheVPN device carries out the subtraction of the TTL because it carries outthe routing by itself. Namely, in order to carry out communicationsbetween the sink device and the source device through the VPN device asshown in FIG. 15, the TTL field of the IP header have to be set greaterthan or equal to an appropriate value.

[0123] For example, in the configuration of the environment A shown inFIG. 15, the VPN device carries out the routing, so that the subtractionof the TTL field is carried out at each VPN device. Consequently, inorder to carry out communications between the sink device A-A and thesource device A-B, the TTL value have to be set greater than or equal to3. Similarly, in the configuration of the environment B, in order tocarry out communications between the sink device B-A and the sourcedevice B-B, the TTL value have to be set greater than or equal to 3.

[0124] For this reason, by setting the TTL value equal to 1, it ispossible to limit the contents distribution through the VPN device inthe environment A and the environment B. Here, it should be noted thatthe TTL field can be changed easily. For example, if a malicious userplaces a TTL changing device for increasing the TTL field to a certainvalue between the source device and the VPN device, it would becomepossible to transmit/receive the contents beyond the distribution rangeassumed by the source device and the sink device.

[0125] However, by using the method described above, even if the TTLchanging device is placed, because the source device and the sink deviceare not physically belonging to the identical segment, it is stillimpossible to learn the MAC address of the correspondent by the ARP, sothat the influence of the TTL changing device can be avoided.

[0126] Namely, according to the embodiments described above, theexistence of the VPN can be detected in a uniform manner regardlesswhether the environment is A, B or C, so that the contents distributionrange can be limited.

THIRD EMBODIMENT

[0127] In the first and second embodiments described above, if the sameMAC address as that of the sink device is set to the router device orthe VPN device that is physically connected to the identical Ethernetsegment as the source device, there is a possibility of becomingimpossible to accurately judge whether the source device and the sinkdevice are physically connected to the identical Ethernet segment ornot.

[0128] For this reason, the third embodiment resolves such a potentialproblem of the first and second embodiments.

[0129]FIG. 16 shows a schematic configuration of the contentstransmission/reception system according to the third embodiment of thepresent invention. The VPN server device F 53 of FIG. 18 has the sameMAC address value “AA:AA:AA” as the sink device A 56, unlike FIG. 8.

[0130] In principle, the MAC address is assigned to be different fordifferent physical network interfaces by each manufacturing vendor.However, suppose that the MAC addresses happen to coincide despite ofthis principle, or a malicious user gives the same MAC address values asthe sink device to the VPN server device or the router device in orderto circumvent the MAC address comparison check processing.

[0131] In this case, the value of the MAC address obtained by theprocessing (ARP, for example) for searching the MAC address by using theIP address on the Ethernet by the source device B 51 is “AA:AA:AA” whichis the MAC address of the VPN server device. As a result, the MACaddress “AA:AA;AA” of the sink device A 56 acquired by the upper levelprotocol coincides with the value of the MAC address obtained by theprocessing for searching the MAC address by using the IP address, sothat it is impossible to judge whether the source device and the sinkdevice are physically connected to the identical Ethernet segment ornot.

[0132] In the third embodiment, even if the VPN device or the routerdevice that is physically connected to the identical Ethernet segment asthe source device has the MAC address identical to that of the sinkdevice, it is made possible to check whether the source device and thesink device are physically connected to the identical segment or not, bychecking whether the address resolution request has been made surelybetween the source device and the sink device or not.

[0133]FIG. 17 shows an internal configuration of the source device B 41according to the third embodiment. The difference from the configurationof FIG. 2 is that it has a MAC address search advance notice processingunit 62 for transmitting a message for explicitly notifying that “theMAC address search request will be sent from now” (this message will bereferred to as a MAC address search advance notice) before transmittinga message for searching the MAC address by using the IP address to thesink device, and carrying out a processing for checking whether a searchadvance notice response is transmitted from the sink device or not.

[0134]FIG. 18 shows an internal configuration of the sink device A 56according to the third embodiment. The difference from the configurationof FIG. 4 is that it has a MAC address search advance notice receptionprocessing unit 63 for receiving the MAC address search advance noticetransmitted from the source device and carrying out a prescribedprocessing.

[0135]FIG. 19 shows a processing procedure in the third embodiment,which is a processing procedure in the case where the source device andthe sink device are physically existing in the identical segment (thecase where the source device B 51 and the sink device C 52 shown in FIG.8 carry out communications, for example).

[0136] Here, in order to simplify the explanation, it is assumed thatthe DTCP authentication and key exchange processing (step S3), the MACaddress request (step S4) and the MAC address transmission (step S5)shown in FIG. 5 have been carried out, the DTCP authentication and keyexchange has succeeded so that the source device has acquired the MACaddress of the sink device.

[0137] First, the source device transmits the message for requesting thesearch of the MAC address by using the IP address and the MAC addresssearch advance notice to the sink device (steps S31 to S33). The MACaddress search advance notice can be transmitted by the upper levelprotocol of the Ethernet (by the IP packet, for example). Note thatthese messages may be transmitted simultaneously or separately.

[0138] The sink device transmits its own MAC address to the sourcedevice as a response to the MAC address search request (step S34). Also,the sink device records the fact that the MAC address search requesttransmitted from the source device has received.

[0139] The source device carries out the processing for comparing theMAC address received as a result of the MAC address search request andthe MAC address acquired in advance (step S35). Here, the MAC addressescoincide so that the comparison processing succeeds and the sourcedevice transmits the contents to the sink device (step S36).

[0140] On the other hand, the sink device carries out the processing forchecking whether the MAC address search request has received or not(step S37). Here, if the MAC address search request message from thesource device has received, the processing will be continued (step S38).If the MAC address search request message has not received, theprocessing will be interrupted. In this case, the sink device hasreceived the MAC address search request at the step S33, so that thischecking processing succeeds and the reception of the contents will bestarted.

[0141]FIG. 20 shows a processing procedure in the third embodiment inthe case where the source device and the sink device are not physicallyexisting in the identical segment (the case where the source device B 51and the sink device A 56 shown in FIG. 8 carry out communications, forexample).

[0142] Similarly as in the case of FIG. 19, first, the source devicetransmits the message for requesting the search of the MAC address byusing the IP address and the MAC address search advance notice to thesink device (steps S41 and S42).

[0143] The MAC address search advance notice is transmitted to the sinkdevice by the method which is not the Ethernet, so that the sink devicereceives the MAC address search advance notice even if the VPN serverexists in a middle.

[0144] However, as far as the MAC address search request is concerned,the sink device is not physically connected to the identical Ethernetsegment so that the VPN server device makes a response as a proxy (stepS43) and the sink device cannot receive this search request.

[0145] Here, if the MAC address or the VPN server device and the MACaddress of the sink device coincide, the MAC address comparisonprocessing at the source device succeeds (step S44) so that the sourcedevice transmits the contents (step S45) despite of the fact that thesink device does not physically exists in the identical Ethernetsegment.

[0146] On the other hand, the sink device checks whether the MAC addresssearch request message has received or not (step S46), and when it isascertained that this request message has not received, the sink deviceinterrupts the contents reception (step S47). Then, the sink device maytransmit a contents transmission interruption request message to thesource device (step S48), such that upon receiving this message, thesource device interrupts the contents transmission to the sink device(step S49).

[0147] In this way, in the third embodiment, according to whether thesink device has received the MAC address search request message or not,it is possible to check whether the source device and the sink deviceare physically existing in the identical segment or not, even if adevice that makes a response to the MAC address search request byforging the MAC address exists between the source device and the sinkdevice.

[0148] Note that, in the third embodiment, as long as the sink devicecan receive the MAC address search request from the source device, it isnot absolutely necessary to transmit the MAC address search advancenotice from the source device to the sink device. However, in order toconfirm that the MAC address search request message is the onetransmitted from the source device, the MAC address or the IP addressthe source device or both can be included in the MAC address searchadvance notice to be transmitted to the sink device. In this way, whenthe sink device receives the MAC address search request, it becomespossible to judge whether it is the one transmitted from the sourcedevice or not.

[0149] Also, the sink device can comprehend the need to monitor the MACaddress search request upon receiving the MAC address search advancenotice, so that there is no need to monitor the MAC address searchrequest until the MAC address search advance notice is received, and theprocessing load of the sink device in the normal state can be reduced.

FOURTH EMBODIMENT

[0150] The fourth embodiment is directed to the case of checking whetherthe sink device and the source device are existing in the identicalsegment or not by a processing procedure different from the thirdembodiment.

[0151]FIG. 21 shows an internal configuration of the source device inthe fourth embodiment. The source device of FIG. 21 has a MAC addresssearch advance notice response reception processing unit 64 for judgingwhether the MAC address search advance notice response from the sinkdevice has received or not, in addition to the configuration of thesource device shown in FIG. 17.

[0152]FIG. 22 shows an internal configuration of the sink device in thefourth embodiment. The sink device of FIG. 22 has a MAC address searchadvance notice response processing unit 65 for carrying out control totransmit to the source device the MAC address search advance noticeresponse which is a response to the MAC address search advance noticefrom the source device, in addition to the configuration of the sinkdevice shown in FIG. 18.

[0153]FIG. 23 shows a processing procedure in the fourth embodiment,which is a processing procedure in the case where the source device andthe sink device are physically existing in the identical segment (thecase where the source device B 51 and the sink device C 52 shown in FIG.8 carry out communications, for example). Here again, in order tosimplify the explanation, it is assumed that the DTCP authentication andkey exchange has succeeded and the source device has acquired the MACaddress of the sink device by another method, similarly as in the casesof FIG. 19 and FIG. 20.

[0154] First, the source device transmits the message for requesting thesearch of the MAC address by using the IP address and the MAC addresssearch advance notice to the sink device (steps S51 and S52). Note thatthese messages may be transmitted simultaneously or separately.

[0155] The sink device transmits a message containing its own MACaddress and the search advance notice response to the source device as aresponse to the MAC address search request (step S53). This searchadvance notice response can be transmitted by the upper level protocolof the Ethernet (by the IP packet, for example). Also, the searchadvance notice response message may contain the MAC address of thesearch request source or the search result transmission target.

[0156] The source device receives the MAC address and the search advancenotice response message as a response to the MAC address search request(step S54). Note that the sink device may attach the signature and thetimestamp in order to indicate that this message is not altered, and thesource device may carry out the processing for verifying the signature.

[0157] The source device carries out the processing for comparing theMAC address received as a result of the MAC address search request andthe MAC address acquired in advance as a result of the MAC addressrequest (step S65). Here, the MAC addresses coincide so that thecomparison processing succeeds.

[0158] Also, the source device carries out the processing for checkingwhether the search advance notice response has received or not (stepS56). In this checking processing, if the search advance notice responsemessage from the sink device has received, the processing will becontinued, whereas if it has not received, the processing will beinterrupted. Here, the MAC address search advance notice response hasreceived at the step S54, so that this checking processing succeeds andthe Transmission of the contents will be started (step S57).

[0159] Note that, in the case where the timestamp is contained in thesearch advance notice response message, it is also possible to checkthat the value T1 of the timestamp is after the time T0 at which the MACaddress search advance notice was sent by the source device and beforethe time T2 at which the MAC address was received.

[0160]FIG. 24 shows a processing procedure in the fourth embodiment inthe case where the source device and the sink device are not physicallyexisting in the identical segment (the case where the source device B 51and the sink device A 56 shown in FIG. 8 carry out communications, forexample).

[0161] First, the source device transmits the MAC address search requestand the MAC address search advance notice to the sink device (steps S61and S62). The MAC address search advance notice is transmitted by theupper level protocol of the Ethernet, so that the sink device receivesthe MAC address search advance notice. However, as far as the MACaddress search request is concerned, the sink device is not physicallyconnected to the identical Ethernet segment SD that the VPN serverdevice makes a response as a proxy (step S63) and the sink device cannotreceive this search request. For this reason, the sink device will nevertransmit the MAC address search response and the MAC address searchadvance notice response to the source device.

[0162] On the other hand, the source device receives the MAC addressfrom the VPN server device. Here, if the MAC address of the VPN serverdevice and the MAC address of the sink device coincide, the MAC addresscomparison processing at the source device succeeds (step S64). However,the search advance notice response has not received, so that thechecking processing fails (step S65), and the source device interruptsthe contents transmission (step S66).

[0163] What requires attention here is that the message for requestingthe search of the MAC address by using the IP address is transmitted notonly by the source device but also by the general router device or thelike. For this reason the sink device cannot ascertain the MAC addresssearch advance notice response for responding to which request messageshould be transmitted to the source device. Consequently, bytransmitting the IP address or the MAC address of the source device orboth by the MAC address search advance notice, it becomes possible forthe sink device to judge that the MAC address search advance noticeresponse for responding to the request message transmitted from aspecific IP address or MAC address should be transmitted.

[0164] In this way, in the fourth embodiment, the MAC address searchadvance notice is transmitted from the source device to the sink deviceby the method which is not the Ethernet, so that even if the routerdevice or the VPN device that has the same MAC address as the sinkdevice exists between the source device and the sink device, it ispossibly for the sink device to accurately judge whether it is connectedto the identical segment as the source device or not according towhether a response to this notice has received, and therefore it ispossible to realize the copyright protection for the contents.

[0165] Also, this MAC address search advance notice and its response areused for the purpose of the copyright protection of the contents, andthe placing of a device for transmitting a forged response to the MACaddress search advance notice in order to cause an error in thejudgement can be regarded as an intentional placing for the purpose ofevading the copyright protection of the contents.

[0166] Note that, in the above, it has been assumed that the MAC addresssearch advance notice and the MAC address search advance notice responseuse the upper level protocol of the Ethernet, but they may be defined asone of a group of commands defined by the DTCP. In this case, the MACaddress search advance notice and the MAC address search advance noticeresponse can be made as parts of the DTCP authentication and keyexchange processing, so that it is possible to simplify the deviceconfigurations.

FIFTH EMBODIMENT

[0167] The fourth embodiment described above is directed to theconfiguration in which the source device transmits the MAC addresssearch advance notice to the sink device and the sink device transmitsthe MAC address search advance notice response to the source device. Incontrast, the fifth embodiment is directed to the configuration in whichthe sink device transmits the MAC address search advance notice to thesource device and the source device transmits the MAC address searchadvance notice response to the sink device.

[0168]FIG. 25 shows an internal configuration of the source device inthe fifth embodiment. The source device of FIG. 25 has a configurationin which the MAC address recording unit 24, the MAC address searchprocessing unit 25 and the MAC address comparison processing unit 26 areomitted from the source device of FIG. 17 while the MAC address searchadvance notice reception processing unit 63, the VPN client unit 34 andthe MAC address transmission unit 33 similar to those of the sink deviceof FIG. 18 are added.

[0169]FIG. 26 shows an internal configuration of the sink device in thefifth embodiment. The sink device of FIG. 26 has a configuration inwhich the MAC address search advance notice reception processing unit63, the VPN client unit 34 and the MAC address transmission unit 33 areomitted from the sink device of FIG. 18 while the MAC address recordingunit 24, the MAC address search processing unit 25, the MAC addresscomparison processing unit 26, and the MAC address search advance noticeprocessing unit 62 similar to those of the source device of FIG. 17 areadded.

[0170]FIG. 27 shows a processing procedure in the fifth embodiment inthe case where the source device and the sink device are physicallyexisting in the identical segment. Note that, as a prerequisite forstarting the processing of FIG. 27, it is assumed that the DTCPauthentication and key exchange has carried out between the sink deviceand the source device and the sink device has acquired the MAC addressof the source device in advance.

[0171] First, the sink device transmits the MAC address search requestand the MAC address search advance notice to the source device (stepS71), and carries out the MAC address search by using the IP address ofthe source device (step S72).

[0172] Upon receiving the MAC address search request from the sinkdevice (step S73), the source device transmits its own MAC address tothe sink device (step S74).

[0173] The sink device carries out the processing for comparing the MACaddress transmitted from the source device and the MAC address of thesource device acquired in advance to see whether they coincide or not(step S75), and if they coincide, the sink device receives the contentsfrom the source device (step S76).

[0174] The source device carries out the processing for checking whetherthe MAC address search request from the sink device has received or not(step S77), if it has received, the source device continues the contentsreception (step S78), whereas if it has not received, a prescribed errorprocessing is carried out and the contents reception is interrupted.

[0175]FIG. 28 shows a processing procedure in the fifth embodiment inthe case where the source device and the sink device are not physicallyexisting in the identical segment. In this case, the source device isnot physically connected to the identical segment as the sink device,the MAC address search advance notice transmitted by the method which isnot the Ethernet from the sink device reaches to the source device (stepS81), but even if the search of the MAC address by using the IP addressof the source address is attempted (step S82), the VPN server devicemakes a response as a proxy (step S83).

[0176] If the MAC address of the VPN server device and the MAC addressof the source device are identical, the MAC address comparisonprocessing at the sink device succeeds (step S84), and the source devicetransmits the contents to the sink device (step S85).

[0177] However, the source device has not received the MAC addresssearch request (step S86), so that the contents transmission isinterrupted (step S87).

[0178] In this way, in the fifth embodiment, the contents transmissioncan be interrupted surely as long as the source device is not connectedto the identical segment, even if the MAC address of the VPN serverdevice that is connected to the identical segment as the sink device isidentical to the MAC address of the source device.

SIXTH EMBODIMENT

[0179] The sixth embodiment is directed to the case in which, uponreceiving the MAC address search advance notice from the sink device,the source device transmits a response to it to the sink device, in theconfiguration of the fifth embodiment,

[0180]FIG. 29 shows an internal configuration of the source device inthe sixth embodiment. The source device of FIG. 29 has the MAC addresssearch advance notice response processing unit 65 for carrying outcontrol to transmit the MAC address search advance notice response tothe sink device, in addition to the configuration of the source deviceof FIG. 25.

[0181]FIG. 30 shows an internal configuration of the sink device in thesixth embodiment. The sink device of FIG. 30 has the MAC address searchadvance notice response reception processing unit 64 for carrying outcontrol to receive the MAC address search advance notice response fromthe source address, in addition to the configuration of the sink deviceof FIG. 26.

[0182]FIG. 31 shows a processing procedure in the sixth embodiment inthe case where the source device and the sink device are physicallyexisting in the identical segment. Note that, as a prerequisite forstarting the processing of FIG. 31, it is assumed that the DTCPauthentication and key exchange has carried out between the sink deviceand the source device, and the sink device has acquired the MAC addressof the source device in advance. In the following, the difference fromthe case of FIG. 27 will be mainly described.

[0183] When the source device receives the MAC address search advancenotice from the sink device (step S91), the source device transmits aresponse to it (the MAC address search advance notice response) to thesink device (step S93).

[0184] The sink device receives the MAC address search advance noticeresponse from the source device (step S95), and carries out the MACaddress comparison processing (step S96). Then, the sink device judgeswhether the MAC address search advance notice response has received ornot (step S97), and if it has received, the sink device receives thecontents transmitted from the source device (step S98).

[0185]FIG. 32 shows a processing procedure in the sixth embodiment inthe case where the source device and the sink device are not physicallyexisting in the identical segment. The sink device transmits the MACaddress search advance notice by using the method which is not theEthernet to the source device (step S101), so that the source device canreceive this notice, but when the MAC address search by using the IPaddress of the source address is carried out by the sink device (stepS102), the VPN server device that is located in the identical segment asthe sink device makes a response indicating the MAC address as a proxy(step S103).

[0186] If the MAC address of the VPN server device and the MAC addressof the source device are identical, the MAC address comparisonprocessing at the sink device succeeds (step S104), but the sink devicehas not received the MAC address search advance notice response fro thesource device (step S105) so that the sink device requests theinterruption of the contents transmission to the source device (stepS106) and the source device interrupts the contents transmission (stepS107).

[0187] In this way, in the sixth embodiment, the contents transmissionis carried out only when the response to the MAC address search advancenotice transmitted from the sink device to the source device is receivedby the sink device, so that it is possible to carry our the contentstransmission only in the case where the sink device and the sourcedevice are located in the identical segment.

[0188] As described above, according to the present invention, thetransmission of the contents to the corresponding reception device ispermitted only in the case where the device identification informationsearched out by the device identification information searching unit andthe device identification information registered by the deviceidentification information registration unit coincide, so that it ispossible to provide the contents only to the limited reception devices,and it is possible to prevent the illegal reception of the contents.

[0189] In this way, it is possible to change the contents distributionconditions by distinguishing the reception device physically connectedto the identical sub-net and the reception devices virtually connectedto the identical sub-net among a plurality of reception devices of thesame sub-net.

[0190] Also, according to the present invention, by checking whether thedevice identification information search request from the transmissiondevice has received by the reception device or not, it is possible tojudge whether the transmission device and the reception device areconnected to the identical segment or not easily and accurately.

[0191] It is also to be noted that, besides those already mentionedabove, many modifications and variations of the above embodiments may bemade without departing from the novel and advantageous features of thepresent invention. Accordingly, all such modifications and variationsare intended to be included within the scope of the appended claims.

What is claimed is:
 1. A contents transmission/reception system,comprising; a transmission device; and at least one reception devicethat receives contents from the transmission device: wherein thetransmission device has: an authentication and key exchange processingunit configured to carry out an authentication and key exchangeprocessing with a reception device that made a contents transmissionrequest; a device identification information transmission request unitconfigured to transmit a device identification information request tothe reception device, such that the reception device transmits a deviceidentification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the reception device: a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the reception device, from a network to which threception device is connected; a comparison judgement unit configured tojudge whether the device identification information searched out by thedevice identification information search nit and the deviceidentification information registered by the device identificationinformation registration unit coincide or not; and a distributioncondition determination unit configured to change a distributioncondition for contents to be transmitted to the reception device thatmade the contents transmission request, according to a judgement resultobtained by the comparison judgement unit; and the reception device has:a contents transmission request unit configured to make the contentstransmission request to the transmission device; and a deviceidentification information transmission unit configured to transmit thedevice identification information of the reception device to thetransmission device, upon receiving the device identificationinformation request from the transmission device.
 2. The contentstransmission/reception system of claim 1, wherein the deviceidentification information is a MAC address of a network interface, andthe device identification information search unit transmits a MACaddress search request by using an IP address of the reception device asa key to a metwork segment to which the reception device is connected,and receives a MAC address search result.
 3. The contentstransmission/reception system of claim 2, wherein the deviceidentification information search unit searches out the MAC addresscorresponding to the IP address of the reception device by an ARP(Address Resolution Protocol).
 4. The contents transmission/receptionsystem of claim 2, wherein the device identification informationtransmission unit transmits the MAC address to the transmission deviceby attaching an electronic signature.
 5. The contentstransmission/reception system of claim 4, further comprising averification unit configured to verify whether the MAC address isaltered or not, when the electronic signature is attached to the MACaddress; wherein the device identification information registration unitregisters the MAC address only when the verification unit judges thatthe MAC address is not altered.
 6. The contents transmission/receptionsystem of claim 1, wherein the authentication and key exchangeprocessing unit carries out the authentication and key exchangeprocessing according to a DTCP (Digital Transmission ContentsProtection).
 7. The contents transmission/reception system of claim 1,wherein the reception device also has: a reception device sideauthentication and key exchange processing unit configured to carry outthe authentication and key exchange processing with the transmissiondevice; a network interface unit configured to receive encryptedcontents from the transmission device; and an encryption processing unitconfigured to decrypt the encrypted contents received by the networkinterface unit, by using a key exchanged by the reception device sideauthentication and key exchange processing unit.
 8. A contentstransmission device for transmitting contents to at least one receptiondevice, the contents transmission device comprising: an authenticationand key exchange processing unit configured to carry out anauthentication and key exchange processing with a reception device thatmade a contents transmission request; a device identificationinformation transmission request unit configured to transmit a deviceidentification information request to the reception device, such thatthe reception device transmits a device identification information; adevice identification information registration unit configured toregister the device identification information transmitted from thereception device; a device identification information search unitconfigured to search out the device identification informationcorresponding to an IP (Internet Protocol) address of the receptiondevice, from a network to which the reception device is connected; acomparison judgement unit configured to judge whether the deviceidentification information searched out by the device identificationinformation search unit and the device identification informationregistered by the device identification information registration unitcoincide or not; and a distribution condition determination unitconfigured to change a distribution condition for contents to betransmitted to the reception device that made the contents transmissionrequest, according to a judgement result obtained by the comparisonjudgement unit.
 9. A contents transmission/reception system, comprising:a transmission device; and at least one reception device that receivescontents from the transmission device; wherein a reception device has: acontents transmission request unit configured to make a contentstransmission request to the transmission device; a first authenticationand key exchange processing unit configured to carry out anauthentication and key exchange processing with the transmission deviceto which the contents transmission request is made; a deviceidentification information transmission request unit configured totransmit a device identification information request to tie transmissiondevice, such that the transmission device transmits a deviceidentification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the transmission device; a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the transmission device, from a network to whichthe transmission device is connected; a comparison judgement unitconfigured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; and areception condition determination unit configured to determine areception condition for contents to be transmitted from the transmissiondevice to which the contents transmission request is made, according toa judgement result obtained by the comparison judgement unit; and thetransmission device has: a device identification informationtransmission unit configured to transmit the device identificationinformation of the transmission device to the reception device, uponreceiving the device identification information request from thereception device; a second authentication and key exchange processingunit configured to carry out an authentication and key exchangeprocessing with the reception device that made the contents transmissionrequest; and a contents transmission control unit configured to carryout contents transmission control according to the reception conditiondetermined by the reception condition determination unit.
 10. A contentsreception device for receiving contents from a transmission device, thecontents reception device comprising: a contents transmission requestunit configured to make a contents transmission request to thetransmission device; an authentication and key exchange processing unitconfigured to carry out an authentication and key exchange processingwith the transmission device to which the contents transmission requestis made; a device identification information transmission request unitconfigured to transmit a device identification information request tothe transmission device, such that the transmission device transmits adevice identification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the transmission device; a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the transmission device, from a network to whichthe transmission device is connected; a comparison judgement unitconfigured to judge whether the device identification informationsearched out by the device identification information search unit andthe device identification information registered by the deviceidentification information registration unit coincide or not; and areception condition determination unit configured to determine areception condition for contents to be transmitted from the transmissiondevice to which the contents transmission request is made, according toa judgement result obtained by the comparison judgement unit.
 11. Acontents transmission/reception system, comprising: a transmissiondevice; and at least one reception device that receives contents fromthe transmission device; wherein the transmission device has: a deviceidentification information transmission request unit configured totransmit a device identification information request to a receptiondevice that made a contents transmission request, such that thereception device transmits a device identification information; a deviceidentification information registration unit configured to register thedevice identification information transmitted from the reception device;an advance notice unit configured to make a device identificationinformation search advance notice, to the reception device; a deviceidentification information search unit configured to search out thedevice identification information corresponding to an IP (InternetProtocol) address of the reception device, from a network to which thereception device is connected; a comparison judgement unit configured tojudge whether the device identification information searched out by thedevice identification information search unit and the deviceidentification information registered by the device identificationinformation registration unit coincide or not; a request responsereception judgement unit configured to judge whether a response to thedevice identification information search advance notice is received ornot; and a distribution condition determination unit configured todetermine a distribution condition for contents to be transmitted to thereception device that made the contents transmission request, accordingto judgement results obtained by the comparison judgement unit and therequest response reception judgement unit; and the reception device has:a device information transmission unit configured to transmit the deviceidentification information of the reception device and a deviceidentification information search advance notice response to thetransmission device, upon receiving the device identificationinformation request from the transmission device.
 12. The contentstransmission/reception system of claim 11, wherein the reception devicealso has: a device identification information search judgement unitconfigured to judge whether the device identification information searchrequest from the transmission device is received or not; and a contentsreception control unit configured to prohibit reception of contents fromthe transmission device when the device identification informationsearch judgement unit judges that the device identification informationsearch request is not received.
 13. A contents transmission device fortransmitting contents to at least one reception device, the contentstransmission device comprising: a device identification informationtransmission request unit configured to transmit a device identificationinformation request to a reception device that made a contentstransmission request, such that the reception device transmits a deviceidentification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the reception device; an advance noticeunit configured to make a device identification information searchadvance notice, to the reception device; a device identificationinformation search unit configured to search out the deviceidentification information corresponding to an IP (Internet Protocol)address of the reception device, from a network to which the receptiondevice is connected; a comparison judgement unit configured to judgewhether the device identification information searched out by the deviceidentification information search unit and the device identificationinformation registered by the device identification informationregistration unit coincide or not; a request response receptionjudgement unit configured to judge whether a response to the deviceidentification information search advance notice is received or not; anda distribution condition determination unit configured to determine adistribution condition for contents to be transmitted to the receptiondevice that made the contents transmission request, according tojudgement results obtained by the comparison judgement unit and therequest response reception judgement unit.
 14. A contentstransmission/reception system, comprising: a transmission device; and atleast one reception device that receives contents from the transmissiondevice; wherein the transmission device has: a device identificationinformation search judgement unit configured to judge whether a deviceidentification information search request from a reception device isreceived or not; and a contents transmission control unit configured toprohibit transmission of contents to the reception device when thedevice identification information search judgement unit judges that thedevice identification information search request is not received; andthe reception device has: a contents transmission request unitconfigured to make a contents transmission request to the transmissiondevice; an authentication and key exchange processing unit configured tocarry out an authentication and key exchange processing with thetransmission device to which the contents transmission request is made;a device identification information transmission request unit configuredto transmit the device identification information request to thetransmission device, such that the transmission device transmits adevice identification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the reception device; an advance noticeunit configured to make a device identification information searchadvance notice, to the transmission device; a device identificationinformation search unit configured to search out the deviceidentification information corresponding to an IP (Internet Protocol)address of the transmission device, from a network to which thetransmission device is connected; a comparison judgement unit configuredto judge whether the device identification information searched out bythe device identification information search unit and the deviceidentification information registered by the device identificationinformation registration unit coincide or not; and a reception conditiondetermination unit configured to determine a reception condition forcontents to be transmitted from the transmission device to which thecontents transmission request is made, according to a judgement resultobtained by the comparison judgement unit.
 15. A contents receptiondevice for receiving contents from a transmission device, the contentsreception device comprising; a contents transmission request unitconfigured to make a contents transmission request to the transmissiondevice: an authentication and key exchange processing unit configured tocarry out an authentication and key exchange processing with thetransmission device to which the contents transmission request is made;a device identification information transmission request unit configuredto transmit a device identification information request to thetransmission device, such that the transmission device transmits adevice identification information; a device identification informationregistration unit configured to register the device identificationinformation transmitted from the reception device; an advance noticeunit configured to make a device identification information searchadvance notice, to the transmission device; a device identificationinformation search unit configured to search out the deviceidentification information corresponding to an IP (Internet Protocol)address of the transmission device, from a network to which thetransmission device is connected; a comparison judgement unit configuredto judge whether the device identification information searched out bythe device identification information search unit and the deviceidentification information, registered by the device identificationinformation registration unit coincide or not; and a reception conditiondetermination unit configured to determine a reception condition forcontents to be transmitted from the transmission device to which thecontents transmission request is made, according to a judgement resultobtained by the comparison judgement unit.